Re: radius install problemo: help
Are you authenticating against unix or linux accounts?

- Original Message -
From: "mukhiya gurung" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 18, 2002 1:44 AM
Subject: radius install problemo: help

> **I get this error message when I ran this command radiusd -X:
>
> [root@dhcppc3 raddb]# radiusd -X
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> read_config_files: reading dictionary
> read_config_files: reading clients
> read_config_files: reading realms
> read_config_files: reading naslist
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> security: max_attributes = 200
> security: reject_delay = 1
> main: debug_level = 0
> read_config_files: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded System
> unix: cache = yes
> unix: passwd = "/etc/passwd"
> unix: shadow = "(null)"
> unix: group = "/etc/group"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> HASH: Reinitializing hash structures and lists for caching...
> rlm_unix: You MUST specify a shadow password file!
> HASH: unable to create user hash table. disable caching and run debugs
> radiusd.conf[462]: unix: Module instantiation failed.
>
> ***When I ran the radtest command I get this error:
>
> [root@dhcppc3 raddb]# radtest test test localhost 0 testing123
> Sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> Re-sending Access-Request of id 166 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
>     NAS-IP-Address = dhcppc3
>     NAS-Port-Id = "0"
> radclient: no response from server
>
> Can someone please advise me on what I am doing wrong or what needs to be fixed?
>
> thanks
>
> Mike ([EMAIL PROTECTED])
>
> ___
Re: Cisco accounting
I have 2 Cisco (3620 and AS5300) with freeradius 0.5 and accounting works fine. The config of the Cisco is:

aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
radius-server host 192.168.0.4 auth-port 1645 acct-port 1646 key 7 X
radius-server retransmit 3

and it works fine. Wish that this helps you.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 18, 2002 5:05 AM
Subject: Cisco accounting

> I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
> working just fine. But accounting only works on Foundry and not Cisco. I'm
> not sure if anyone has experienced this in the past. Any help is
> appreciated.
>
> Regards
> Mathias,
>
> DISCLAIMER
> This e-mail is intended only for the use of the addressees named above and
> may be confidential. If you are not an addressee you must not read it and
> must not use any information contained in nor copy it nor inform any person
> other than TeleCity Limited or the addressees of its existence or contents.
> If you have received this email and are not a named addressee, please delete
> it and notify the TeleCity IT department on 0161 226 7643 or by email at
> [EMAIL PROTECTED]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius install problemo: help
**I get this error message when I ran this command radiusd -X:

[root@dhcppc3 raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
rlm_unix: You MUST specify a shadow password file!
HASH: unable to create user hash table. disable caching and run debugs
radiusd.conf[462]: unix: Module instantiation failed.

***When I ran the radtest command I get this error:

[root@dhcppc3 raddb]# radtest test test localhost 0 testing123
Sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
Re-sending Access-Request of id 166 to 127.0.0.1:1812
    User-Name = "test"
    User-Password = "\367\303#\n\007\322GS\254\025x\252\240\005\2017"
    NAS-IP-Address = dhcppc3
    NAS-Port-Id = "0"
radclient: no response from server

Can someone please advise me on what I am doing wrong or what needs to be fixed?

thanks

Mike ([EMAIL PROTECTED])
Re: MacOS X & FreeRADIUS (yet again)
On 9/17/02 5:55 AM, "Alan DeKok" <[EMAIL PROTECTED]> wrote:

> Philip Kearney <[EMAIL PROTECTED]> wrote:
>
>> I set cache = no in radiusd.conf and then did radiusd -X
>
> No, that won't help. You should also comment out the 'passwd',
> 'shadow', and 'group' configurations, too.

That works! :-) No seg-fault anymore and running radtest returns the proper Access-Accept or Access-Reject messages for unknown users versus those defined on the machine. So basically it works great now! yay! :-)

And now to summarise for anyone wanting to get it up and running on MacOS X:

--
0) download, unzip and untar freeradius.tar.gz
1) $ ./configure --disable-shared
   (So static libraries are built)
2) Modify ./src/include/sysutmp.h to #undef HAVE_UTMP_H
3) Modify ./src/modules/rlm_pam/rlm_pam.c to change the include directive from #include to #include
4) Modify ./src/modules/rlm_sql/drivers/rlm_sql_iodbc/sql_iodbc.c, line 214 to change the return type of that function to SQL_ROW so it matches the function prototype in sql_iodbc.h. One could also instead change the return type to int in the header file sql_iodbc.h.
5) $ cd ./src
6) $ make
7) $ make install
8) Modify radiusd.conf as follows. In the unix section:
   8a) set "cache = no"
   8b) set "cache_reload = 0"
   8c) COMMENT OUT the "passwd =", "shadow =", and "group =" lines.
   8d) Save changes and exit whatever editor you used to edit radiusd.conf.
9) Now run radiusd -X and test things out with radtest.
10) Assuming everything works, set up your clients.conf and other config files as appropriate to suit your needs and set radiusd to run on boot and you're done. You now have FreeRADIUS running under MacOS X.

*Note: I did all of my ./configure and make, etc. under sudo.
--

As far as the mods I had to do, the config scripts should probably be modified so that the default is static libraries when compiling under MacOS X. Also the config stuff should explicitly make sure that HAVE_UTMP_H is NOT defined when compiling under MacOS X. Then in rlm_pam.c someone can add an #if defined(MacOSX) or something (whatever the makefile guys decide to define for when one is compiling on a Mac) so that you have:

#if !defined(MacOSX)
#include
#else
/* MacOS X puts pam_appl.h in a different directory */
#include
#endif

The last one in sql_iodbc.c/sql_iodbc.h is just a bug which should be caught by more compilers. The function returns an int not a SQL_ROW, it's plain to see when looking at the source. The header file sql_iodbc.h should be corrected so the function prototype matches the function definition in the source file.

With those simple mods to configure and two source files, MacOS X users should be able to do like everyone else, ./configure; make; make install and have FreeRADIUS running easily on any Mac booting MacOS X. If someone then adds comments to radiusd.conf telling MacOS X users to set cache to no and comment out the passwd, shadow, and group lines, no one trying to get radiusd to a testable state under MacOS X should have any problems.

If/When the above changes are made so it just compiles and works on MacOS X, let me know via e-mail and I'll download that rev of the source and test the changes out.

That's about it. FreeRADIUS works for me and I'm happy now. :-)

All the best,
PK
Re: New Question
Cool, thanks for the info, that helps a lot. I thought about just copying it all to a temp dir and doing it, then just copying it back if it got screwed up, but that probably would be better; that way I would always have an archived backup handy.

- Original Message -
From: "Kevin Bonner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 9:58 PM
Subject: Re: New Question

Nick,

The Makefile is set up so that it won't overwrite your config files. You should be fine by running 'make install'. If you're nervous of doing this, just tar up your raddb directory so you have a way to undo what has been done.

Kevin

On Tuesday 17 September 2002 22:39, Nick Marino wrote:
> Is there a way to upgrade to the latest version of radius without
> overwriting my current config files?
Re: fradius] Re: User Lock Out
Well, I still haven't figured out how to control individual users' times they are allowed on the system and duration other than making everyone unlimited time. I don't see where that is located either.

- Original Message -
From: "Tim McCracken" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 9:52 PM
Subject: RE: fradius] Re: User Lock Out

> I recently asked if Free Radius would recognize the Expiration-Date
> attribute and was told it would, so that should work. It should send an
> Auth-Reject if the current date/time is later than the expiration date.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Nick Marino
> Sent: Tuesday, September 17, 2002 9:37 PM
> To: [EMAIL PROTECTED]
> Subject: Re: fradius] Re: User Lock Out
>
> My original post was "is there any way to do it in DIALUP ADMIN that comes
> with free radius to lock a user out other than changing their password".
>
> - Original Message -
> From: "R P Herrold" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 17, 2002 9:33 PM
> Subject: Re: fradius] Re: User Lock Out
>
> > On Tue, 17 Sep 2002, Nick Marino wrote:
> >
> > > don't see that anywhere in dialup admin, and I am using a sql database for
> > > auth not linux.
> >
> > Ahhh ... I have a presentation on the general topic of command
> > shell MySQL access (in part) at:
> > http://www.colug.net/notes/0208mtg/
> >
> > This code fragment should work ...
> >
> > // NOTE: $userid is interpolated into the SQL; it must be escaped first.
> > $select1 = "select passwdhash from usertable
> >             where userid = '$userid'
> >             limit 1";
> > $result1 = mysql_query($select1);
> > $row1 = mysql_fetch_assoc($result1);
> > $t_passwdhash = $row1["passwdhash"];
> > // Prefix the stored hash so it can no longer match any password.
> > $t_passwdhash = "*20020917*" . $t_passwdhash;
> > $select2 = "update usertable set passwdhash = '$t_passwdhash'
> >             where userid = '$userid'";
> > $result2 = mysql_query($select2);
> >
> > -- Russ Herrold
radiusreport
Dear all,

We have configured the freeradius and it ran. But there's one problem. We managed to come across the radiusreport programmed by Mr Greg. But in order to run it we need a detail file. But we couldn't find a detail file in any of the folders. And there's also nothing in the radacct folder. Why? How are we going to make radiusreport work? Please help.

thanks
Re: Cisco accounting
On Tue, Sep 17, 2002 at 10:03:42PM -0700, Frank Cusack wrote:
> So, as I said, this is not supported on Cisco w/ RADIUS. Look at the
> Cisco docs, it says this explicitly.
>
> ( cco->ios->12.2->security->aaa->accounting->command accounting ... I think)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfacct.htm#xtocid10
Re: Cisco accounting
On Wed, Sep 18, 2002 at 05:35:52AM +0100, [EMAIL PROTECTED] wrote:
> If someone logs in to a router and issue a command, this is recorded in a
> file. I currently use IOS 12.2 The following commands are configured on the
> Cisco router.

So, as I said, this is not supported on Cisco w/ RADIUS. Look at the Cisco docs, it says this explicitly.

( cco->ios->12.2->security->aaa->accounting->command accounting ... I think)

> Foundry has the same config and is working as it should. Below is a snapshot
> of the file freeradius has generated for a Foundry.

So Foundry got it right. There's no REASON it's not easily supportable; Cisco just chose not to implement it I guess. You should open a bug.

/fc
RE: Cisco accounting
If someone logs in to a router and issues a command, this is recorded in a file. I currently use IOS 12.2. The following commands are configured on the Cisco router.

this mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 05:09
To: [EMAIL PROTECTED]
Subject: Re: Cisco accounting

On Wed, Sep 18, 2002 at 04:05:58AM +0100, [EMAIL PROTECTED] wrote:
> I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
> working just fine. But accounting only works on Foundry and not Cisco. I'm
> not sure if anyone has experienced this in the past. Any help is
> appreciated.

Exactly what kind of accounting are you talking about here? Cisco IOS (up to 12.1 at least) does not support command accounting via RADIUS. Other accounting should be supported but I have no further info on it.

/fc
Re: Cisco accounting
On Wed, Sep 18, 2002 at 04:05:58AM +0100, [EMAIL PROTECTED] wrote:
> I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
> working just fine. But accounting only works on Foundry and not Cisco. I'm
> not sure if anyone has experienced this in the past. Any help is
> appreciated.

Exactly what kind of accounting are you talking about here? Cisco IOS (up to 12.1 at least) does not support command accounting via RADIUS. Other accounting should be supported but I have no further info on it.

/fc
Cisco accounting
I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is working just fine. But accounting only works on Foundry and not Cisco. I'm not sure if anyone has experienced this in the past. Any help is appreciated.

Regards
Mathias,
Re: New Question
Nick,

The Makefile is set up so that it won't overwrite your config files. You should be fine by running 'make install'. If you're nervous of doing this, just tar up your raddb directory so you have a way to undo what has been done.

Kevin

On Tuesday 17 September 2002 22:39, Nick Marino wrote:
> Is there a way to upgrade to the latest version of radius without
> overwriting my current config files?
RE: fradius] Re: User Lock Out
I recently asked if Free Radius would recognize the Expiration-Date attribute and was told it would, so that should work. It should send an Auth-Reject if the current date/time is later than the expiration date.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nick Marino
Sent: Tuesday, September 17, 2002 9:37 PM
To: [EMAIL PROTECTED]
Subject: Re: fradius] Re: User Lock Out

My original post was "is there any way to do it in DIALUP ADMIN that comes with free radius to lock a user out other than changing their password".

- Original Message -
From: "R P Herrold" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 9:33 PM
Subject: Re: fradius] Re: User Lock Out

> On Tue, 17 Sep 2002, Nick Marino wrote:
>
> > don't see that anywhere in dialup admin, and I am using a sql database for
> > auth not linux.
>
> Ahhh ... I have a presentation on the general topic of command
> shell MySQL access (in part) at:
> http://www.colug.net/notes/0208mtg/
>
> This code fragment should work ...
>
> // NOTE: $userid is interpolated into the SQL; it must be escaped first.
> $select1 = "select passwdhash from usertable
>             where userid = '$userid'
>             limit 1";
> $result1 = mysql_query($select1);
> $row1 = mysql_fetch_assoc($result1);
> $t_passwdhash = $row1["passwdhash"];
> // Prefix the stored hash so it can no longer match any password.
> $t_passwdhash = "*20020917*" . $t_passwdhash;
> $select2 = "update usertable set passwdhash = '$t_passwdhash'
>             where userid = '$userid'";
> $result2 = mysql_query($select2);
>
> -- Russ Herrold
New Question
Is there a way to upgrade to the latest version of radius without overwriting my current config files?
Re: fradius] Re: User Lock Out
My original post was "is there any way to do it in DIALUP ADMIN that comes with free radius to lock a user out other than changing their password".

- Original Message -
From: "R P Herrold" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 9:33 PM
Subject: Re: fradius] Re: User Lock Out

> On Tue, 17 Sep 2002, Nick Marino wrote:
>
> > don't see that anywhere in dialup admin, and I am using a sql database for
> > auth not linux.
>
> Ahhh ... I have a presentation on the general topic of command
> shell MySQL access (in part) at:
> http://www.colug.net/notes/0208mtg/
>
> This code fragment should work ...
>
> // NOTE: $userid is interpolated into the SQL; it must be escaped first.
> $select1 = "select passwdhash from usertable
>             where userid = '$userid'
>             limit 1";
> $result1 = mysql_query($select1);
> $row1 = mysql_fetch_assoc($result1);
> $t_passwdhash = $row1["passwdhash"];
> // Prefix the stored hash so it can no longer match any password.
> $t_passwdhash = "*20020917*" . $t_passwdhash;
> $select2 = "update usertable set passwdhash = '$t_passwdhash'
>             where userid = '$userid'";
> $result2 = mysql_query($select2);
>
> -- Russ Herrold
Re: fradius] Re: User Lock Out
On Tue, 17 Sep 2002, Nick Marino wrote:

> don't see that anywhere in dialup admin, and I am using a sql database for
> auth not linux.

Ahhh ... I have a presentation on the general topic of command shell MySQL access (in part) at:
http://www.colug.net/notes/0208mtg/

This code fragment should work ...

// NOTE: $userid is interpolated into the SQL; it must be escaped first.
$select1 = "select passwdhash from usertable
            where userid = '$userid'
            limit 1";
$result1 = mysql_query($select1);
$row1 = mysql_fetch_assoc($result1);
$t_passwdhash = $row1["passwdhash"];
// Prefix the stored hash so it can no longer match any password.
$t_passwdhash = "*20020917*" . $t_passwdhash;
$select2 = "update usertable set passwdhash = '$t_passwdhash'
            where userid = '$userid'";
$result2 = mysql_query($select2);

-- Russ Herrold
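
The lock-by-prefix idea from the fragment above, as an added example that is not part of the original post: it binds the user id as a query parameter instead of interpolating it into the SQL, refuses to stack a second prefix on an already locked account, and can undo the lock. The function names are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite driver) stands in for the MySQL usertable so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Table and column names follow
// the fragment above; function names and the SQLite stand-in are assumptions.

/** Build the lock prefix in the post's format: '*' + YYYYMMDD + '*'. */
function lock_marker(string $yyyymmdd): string
{
    if (preg_match('/^\d{8}$/', $yyyymmdd) !== 1) {
        throw new InvalidArgumentException('date must be YYYYMMDD');
    }
    return '*' . $yyyymmdd . '*';
}

/** True when a stored hash already carries a lock prefix. */
function is_locked(string $hash): bool
{
    return preg_match('/^\*\d{8}\*/', $hash) === 1;
}

/**
 * Rewrite one user's hash inside a transaction. $rewrite receives the
 * current hash and returns the new one, or null to leave the row alone.
 * Returns true only when a row was changed.
 */
function rewrite_hash(PDO $db, string $userid, callable $rewrite): bool
{
    $db->beginTransaction();
    try {
        // Bound parameters: $userid never becomes part of the SQL text.
        $sel = $db->prepare('SELECT passwdhash FROM usertable WHERE userid = ? LIMIT 1');
        $sel->execute([$userid]);
        $hash = $sel->fetchColumn();
        $new = ($hash === false || $hash === null) ? null : $rewrite((string) $hash);
        if ($new === null) {
            $db->rollBack();   // unknown user, or nothing to change
            return false;
        }
        $upd = $db->prepare('UPDATE usertable SET passwdhash = ? WHERE userid = ?');
        $upd->execute([$new, $userid]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

/** Lock an account by prefixing its hash; never stacks a second prefix. */
function lock_user(PDO $db, string $userid, string $yyyymmdd): bool
{
    $marker = lock_marker($yyyymmdd);
    return rewrite_hash($db, $userid, function (string $h) use ($marker) {
        return is_locked($h) ? null : $marker . $h;
    });
}

/** Unlock an account by stripping the prefix, restoring the original hash. */
function unlock_user(PDO $db, string $userid): bool
{
    return rewrite_hash($db, $userid, function (string $h) {
        return is_locked($h) ? preg_replace('/^\*\d{8}\*/', '', $h) : null;
    });
}

// --- Demo on constructed data (placeholder hashes, not real ones) ----------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (userid TEXT PRIMARY KEY, passwdhash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO usertable (userid, passwdhash) VALUES (?, ?)');
foreach ([['nick', 'HASH-A'], ["o'brien", 'HASH-B']] as $row) {
    $ins->execute($row);
}

// A user id containing a quote would break the interpolated query;
// with bound parameters it is just data.
var_dump(lock_user($db, "o'brien", '20020917'));
var_dump(lock_user($db, "o'brien", '20020918'));   // second lock attempt on the same user
var_dump(lock_user($db, 'nobody', '20020917'));    // user that does not exist
var_dump(unlock_user($db, "o'brien"));

foreach ($db->query('SELECT userid, passwdhash FROM usertable ORDER BY userid') as $r) {
    echo $r['userid'], ' => ', $r['passwdhash'], PHP_EOL;
}
```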
Re: fradius] User Lock Out
Am I in the wrong place? I am not authenticating against linux users.

- Original Message -
From: "R P Herrold" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 9:23 PM
Subject: Re: fradius] User Lock Out

> On Tue, 17 Sep 2002, Nick Marino wrote:
>
> > Is there a way to lock a user out in Dialup Admin, other than changing their
> > password?
>
> passwd -l userid
>
> see man passwd
Re: fradius] User Lock Out
On Tue, 17 Sep 2002, Nick Marino wrote:

> Is there a way to lock a user out in Dialup Admin, other than changing their
> password?

passwd -l userid

see man passwd
Re: User Lock Out
Don't see that anywhere in dialup admin, and I am using a sql database for auth not linux.

- Original Message -
From: "Marcin Groszek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 9:11 PM
Subject: Re: User Lock Out

> Change the user shell to /dev/null.
>
> Nick Marino wrote:
>
> > Is there a way to lock a user out in Dialup Admin, other than changing their
> > password?
>
> --
> Best Regards: Marcin Groszek
> Http://www.hostplus.net
> Where we offer:
> Server Co-location, Web Site Hosting and Internet Access.
Re: User Lock Out
Change the user shell to /dev/null.

Nick Marino wrote:

> Is there a way to lock a user out in Dialup Admin, other than changing their
> password?

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.
Re: Radius Server Can't Authnticate Login
Could be the same problem I had, which was I didn't have the auth-type set in my NAS.

- Original Message -
From: "Ahmad S. Taneo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 8:09 AM
Subject: Radius Server Can't Authnticate Login

> Hi!!!
>
> I am using freeradius-7.0 in a redhat 7.2 kernel of linux. I have
> successfully installed freeradius and binded it to ldap. My problem is
> when I tried testing the radius server as a dial in server for remote
> pc, the portslave recognizes incoming call but somehow can't
> authenticate the login process. But when testing radius server it gives
> an "Access-Accept" to the binded ldap server. I have checked log for
> radius and it seems it doesn't give any information at all. It's just
> that the connection died somehow. I would appreciate any help you can
> give me from anyone of you out there..
>
> ahmadz
User Lock Out
Is there a way to lock a user out in Dialup Admin, other than changing their password?
Re: Fail to Start
Hi

It fails too.

# ./radiusd &
[1] 9782
MMPdb_DEV:/usr/local/sbin# Wed Sep 18 09:21:14 2002 : Info: Starting - reading configuration files ...
[1] + Done ./radiusd &

The freeradius-0.7 is running on solaris2.7 and it is fine in debug mode "radiusd -X"

Thanks
K

--- Ruslan Balkin <[EMAIL PROTECTED]> wrote:
> On Tue, 17 Sep 2002 18:38:24 +0800 (CST)
> ho k wrote:
>
> > Hi
> > I cannot run freeradius in background. Everything seems
> > alright after enter "radiusd"
> >
> > # ./radiusd
>
> radiusd &
> ?
>
> --
> Balkin Ruslan
Re: Windows XP/Cisco Catalyst/freeradius-snapshot-20020916
Here's the startup of radiusd -X -s

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib:/usr/lib:/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "yes"
main: lower_pass = "yes"
main: nospace_user = "yes"
main: nospace_pass = "yes"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib:/usr/lib:/lib
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 0
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.

This freeradius snapshot is running on Solaris 8

On 9/17/02 6:03 PM, "Artur Hecker" <[EMAIL PROTECTED]> wrote:

> Lim Sei Wei wrote:
>>
>> I have commented all the DEFAULT authtype examples in the file and this is
>> the only entry in there
>> myuser Auth-Type = Local, User-Password == "mypassword"
>>
>
> yes, and that's the problem, too :-) change it to:
>
> myuser Auth-Type := Local, User-Password == "mypassword"
>
> and try again please.
>
> regards,
> artur
Re: Windows XP/Cisco Catalyst/freeradius-snapshot-20020916
Hi

When I change that and put that in, this is the error message I get

auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Sending Access-Reject of id 58 to 10.0.0.212:1812

And Windows rejects it straight away.

On 9/17/02 6:03 PM, "Artur Hecker" <[EMAIL PROTECTED]> wrote:

> Lim Sei Wei wrote:
>>
>> I have commented all the DEFAULT authtype examples in the file and this is
>> the only entry in there
>> myuser Auth-Type = Local, User-Password == "mypassword"
>>
>
> yes, and that's the problem, too :-) change it to:
>
> myuser Auth-Type := Local, User-Password == "mypassword"
>
> and try again please.
>
> regards,
> artur
Newbie, Radius and mgetty and ppp
Hi,

I am quite new with linux and still have difficulties to understand or find the documentation. I have a machine with SuSE 8.0 as a dialin server, using mgetty with Auto_ppp for dialin. Everything works fine, but now I want to use RADIUS for the authentication. How do I do that in the most simple way?

With kind regards
Juergen Peters
General Manager
Tropico Network S. de R. L.
email: [EMAIL PROTECTED]
Tel: ++504 440 1461
Fax: ++504 443 0660
Group reject
I have installed freeradius 0.7.1 on slackware 8.0 with shadow password. Installation was ok and basic functions are working. I have experienced problems when I try to deny access to one of the groups on the radius server. Following instruction did not help. I try:

DEFAULT Group == "users" , Auth-Type :=Reject
DEFAULT Group == users , Auth-Type :=Reject
DEFAULT Group == "users" , Auth-Type =Reject
DEFAULT Group == users , Auth-Type =Reject

And more before:

DEFAULT Auth-Type := System

but nothing works. User marcin, group users, was always able to authenticate. This is a debug of the auth process:

rad_recv: Access-Request packet from host 216.168.1.38:4751, id=131, length=81
NAS-IP-Address = 216.168.1.38
Calling-Station-Id = "204.251.93.250"
User-Name = "[EMAIL PROTECTED]"
User-Password = "\274\252\2162\275\rS+\305F.\240\007Ia"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm hostplus.net for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm hostplus.net
rlm_realm: Adding Stripped-User-Name = "marcin"
rlm_realm: Proxying request from user marcin to realm hostplus.net
rlm_realm: Adding Realm = "hostplus.net"
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 6
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Login OK: [[EMAIL PROTECTED]] (from client supernews port 0 cli 204.251.93.250)
Sending Access-Accept of id 131 to 216.168.1.38:4751
Finished request 4
Going to the next request

And one more thing. Will I be able to limit access based on Called-Station-id? If so, what would be a process to set this up?
Re: Chaining Radius Authentication
At 02:25 PM 9/17/2002 -0500, Ryan Parlee wrote:
>Hello,
>
>I am co-branding an ISP's existing infrastructure to create my own ISP.
>They currently use Livingston for their Radius server and I am wanting to
>use FreeRadius. Is it possible to have authentication pass from their
>Radius server to mine?
>
>My users call in on the same phone number, so the only way to tell them
>apart is by username/password, although, it might also work to have
>different authentication methods (ie. CHAP versus PAP). Can anyone offer
>suggestions on how to accomplish this?

Depending on the version, yes this is possible. The auth method is radius-server agnostic on the proxy-side. IE, if the NAS can do both CHAP and PAP, then both should be able to be passed to your server.

The one thing to watch for is the version of Livingston Radius. It should be version 2.1 for this to work on their side. Earlier versions do not support proxy radius.

-Chris
--
Chris Parker
Director, Engineering
StarNet Inc.
(847) 963-0116
WX *is* Wireless! http://www.starnetwx.net
Wholesale Internet Services - http://www.megapop.net
RE: Chaining Radius Authentication
Assuming that you don't have any existing users, just set up a proxy. It is all very well documented. Your users just add a realm (your domain) on the end of their username, and his server proxies to you any users with that realm.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Parlee
Sent: Tuesday, September 17, 2002 2:26 PM
To: [EMAIL PROTECTED]
Subject: Chaining Radius Authentication

Hello,

I am co-branding an ISP's existing infrastructure to create my own ISP. They currently use Livingston for their Radius server and I am wanting to use FreeRadius. Is it possible to have authentication pass from their Radius server to mine?

My users call in on the same phone number, so the only way to tell them apart is by username/password, although, it might also work to have different authentication methods (ie. CHAP versus PAP). Can anyone offer suggestions on how to accomplish this?

Thanks,
Ryan
Chaining Radius Authentication
Hello,

I am co-branding an ISP's existing infrastructure to create my own ISP. They currently use Livingston for their Radius server and I am wanting to use FreeRadius. Is it possible to have authentication pass from their Radius server to mine?

My users call in on the same phone number, so the only way to tell them apart is by username/password, although, it might also work to have different authentication methods (ie. CHAP versus PAP). Can anyone offer suggestions on how to accomplish this?

Thanks,
Ryan
VoIP ASR generation from Radius CDRs
Hello,

I am using Freeradius for VoIP accounting CDR generation from Cisco NAS. I was wondering if there are any open source or commercial tools out there for parsing detail files for ASR (Average Success Rate) generation.

I found a python script at [1] that appears to do batch-mode analysis. I could use this and/or modify it, but I was also looking for something that did realtime (near realtime) analysis of the detail file.

Just looking for something so that I don't have to re-invent the wheel.

[1] "Wilane's Den" http://www.cyg.sn/perso/wilane/
RE: internet authentication
Your application doesn't sound like a typical radius application. Sorry for all the questions, but I think people on this list are going to need more information about what you are trying to do. You probably are going to have to explain your configuration in more detail.

When you say you are using radius to authenticate users to a cisco router, what is the model number of the router, and are you actually authenticating to terminal server ports, management sessions, or what?

Exactly how are the users connected to the router, and why are you trying to authenticate them to a router?

Are you using a firewall or proxy server? If so, what kind?

Your router really is just a router and not a NAS such as an Ascend MAX or TNT, or Cisco 5x00, or something else? And you really have no dial-up server (NAS) or other Network Access Server?

What is the user environment? Windows PCs, Xnix workstations, or?

Tim

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Javier Santos
Sent: Tuesday, September 17, 2002 11:58 AM
To: [EMAIL PROTECTED]
Subject: Re: internet authentication

I don't have dial up server.

I have a LAN connected to router

On Tue, 17 Sep 2002 10:53:55 -0600 "Javier Santos" <[EMAIL PROTECTED]> wrote:
>I have RADIUS running to authentication cisco router
>users.
>
>I need to authenticate users to access internet.
>
>someone has an idea howto configure router and radius to
>do this??
>
>Thanks
Re: internet authentication
My first inclination is to recommend using a PROXY server to control their access to the Internet.

Does your router support Radius authentication for network requests?

David Payer
OMNI Internet - www.iowalink.com
550 11th St #205, Des Moines, IA 50309
515-244-6664

- Original Message -
From: "Javier Santos" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 11:58 AM
Subject: Re: internet authentication

> I don't have dial up server.
>
> I have a LAN connected to router
>
> On Tue, 17 Sep 2002 10:53:55 -0600
> "Javier Santos" <[EMAIL PROTECTED]> wrote:
> >I have RADIUS running to authentication cisco router
> >users.
> >
> >I need to authenticate users to access internet.
> >
> >someone has an idea howto configure router and radius to
> >do this??
> >
> >Thanks
Re: internet authentication
I don't have dial up server.

I have a LAN connected to router

On Tue, 17 Sep 2002 10:53:55 -0600 "Javier Santos" <[EMAIL PROTECTED]> wrote:
>I have RADIUS running to authentication cisco router
>users.
>
>I need to authenticate users to access internet.
>
>someone has an idea howto configure router and radius to
>do this??
>
>Thanks
internet authentication
I have RADIUS running to authentication cisco router users.

I need to authenticate users to access internet.

someone has an idea howto configure router and radius to do this??

Thanks
Re: R: R: radius.conf
I try to install OpenLDAP on a Windows machine but I get the following error: "c:\OpenLDAP\sysconf\slapd.conf: No such file or directory". How can I change the slapd.conf file path?
Re: MacOS X & FreeRADIUS (yet again)
> No, that won't help. You should also comment out the 'passwd',
> 'shadow', and 'group' configurations, too.

And, if you aren't already, you may need to run radiusd as "root". BSD based systems use an automatic password shadowing setup. If getpwent() is called as root, the shadow file is read and the password is returned in the passwd struct. If a normal user calls getpwent(), "*" is always returned for the password.

->Spike
Stale ISDN connections on Cisco 5300
Hi,

I am using Freeradius-0.7 on a linux machine. My access servers are Cisco 5300. I have noticed that in the case of the stale ISDN connections "checkrad" does not work very well. For instance an ISDN stale connection cannot be detected immediately by checkrad. The problem seems to be the "snmpwalk" command in "checkrad" (shown below) that checks the "isdn history" on the access server instead of the actual connected isdn users. The isdn history on a C5300 can keep disconnected isdn calls for a maximum of 15 minutes. If a stale user tries to reconnect within 15 minutes of his disconnection he will be rejected. Any ideas how to solve this problem?

if($login eq $ARGV[3]) {
    return 1;
}else{
    $out=`$snmpwalk $ARGV[1] $pass .iso.org.dod.internet.private.enterprises.9.9.27.1.1.3.1.7`;
    if($out=~/\"$ARGV[3]\"/){
        return 1;
    }else{
        return 0;
    }
}

Iasonas
___
Iasonas Charalambous         email: [EMAIL PROTECTED]
CYPRUS TELECOM. AUTHORITY    FAX: + 357 2 486634
Value Added Services         www: http://www.cytanet.com.cy
Telecommunications Str
P.O.Box 24929, CY-1396 Nicosia, Cyprus
Re: R: R: radius.conf
hi

> Here is my user in /etc/passwd
>
> demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet
>
> until know the user config file, is the user.sample with no change

can you login locally with the password you used? does radius read both /etc/passwd AND /etc/shadow? i can't see it in the log since you truncated it.

> rlm_unix: [demo]: invalid password
> modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.

ciao
artur

--
Artur Hecker                Groupe Accès et Mobilité
hecker[at]enst[dot]fr       Département Informatique et Réseaux
+33 1 45 81 7507            46, rue Barrault
75634 Paris cedex 13        http://www.infres.enst.fr
ENST Paris
Re: CHAP/PAP Authentication
Auth-Type can be an arbitrary value. I use something like this to make chap or pap available to the same set of users:

in users:

DEFAULT Auth-Type := CHAPPAP

in authenticate block radiusd.conf:

authtype CHAPPAP {
    chap
    pap
}

-Shawn

On Tue, 17 Sep 2002, ho k wrote:

> Hi
>
> How can the user profile be set such that the PAP or
> CHAP call may be verified.
> If I used:
>
> DEFAULT Auth-Type := PAP
> Fall-Through = 1
>
> the debug output is:
>
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type PAP
> auth: type "PAP"
> modcall: entering group authtype
> rlm_pap: Attribute "Password" is required for
> authentication. Cannot use "CHAP-Password".
> modcall[authenticate]: module "pap" returns invalid
> modcall: group authtype returns invalid
> auth: Failed to validate the user.
>
> for CHAP user.
>
> Regards
> K

Shawn K. O'Shea
Sr. Unix Administrator
DSL.net, Inc.
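Why a PAP-only check comes back "invalid" for a CHAP caller, and what a combined check has to do, as an added Python sketch of the RFC 2865 computations (not FreeRADIUS code and not part of the original post). The function names, the dict-shaped request and the sample secret, password and authenticator are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # MD5 digest size; User-Password is hidden in 16-octet blocks


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: build the User-Password value (RFC 2865 section 5.2)."""
    size = max(BLOCK, -(-len(password) // BLOCK) * BLOCK)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, size, BLOCK):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + BLOCK], mask))
        hidden += prev
    return hidden


def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the hiding is reversible with the shared secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password value: ident octet + MD5(ident + password + challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()


def check_pap(request: dict, known_password: bytes, secret: bytes) -> str:
    """PAP-only check: without User-Password there is nothing to decode."""
    hidden = request.get("User-Password")
    if hidden is None or len(hidden) % BLOCK or not 16 <= len(hidden) <= 128:
        return "invalid"
    supplied = pap_recover(hidden, secret, request["authenticator"])
    return "ok" if hmac.compare_digest(supplied, known_password) else "reject"


def check_chap(request: dict, known_password: bytes) -> str:
    """CHAP check: recompute the one-way response from the stored cleartext."""
    value = request.get("CHAP-Password")
    if value is None or len(value) != 1 + BLOCK:
        return "invalid"
    # With no CHAP-Challenge attribute the request authenticator is the challenge.
    challenge = request.get("CHAP-Challenge", request["authenticator"])
    expected = chap_response(value[0], known_password, challenge)
    return "ok" if hmac.compare_digest(value, expected) else "reject"


def authenticate_chappap(request: dict, known_password: bytes, secret: bytes) -> str:
    """Combined check (hypothetical dispatcher): pick the method the NAS used."""
    if "CHAP-Password" in request:
        return check_chap(request, known_password)
    return check_pap(request, known_password, secret)


# Constructed sample data, not taken from any capture.
SECRET = b"testing123"
PASSWORD = b"mypassword"
AUTHENTICATOR = bytes(range(16))
PAP_REQ = {"authenticator": AUTHENTICATOR,
           "User-Password": pap_hide(PASSWORD, SECRET, AUTHENTICATOR)}
CHAP_REQ = {"authenticator": AUTHENTICATOR,
            "CHAP-Password": chap_response(7, PASSWORD, AUTHENTICATOR)}

if __name__ == "__main__":
    print("PAP-only check, CHAP caller:", check_pap(CHAP_REQ, PASSWORD, SECRET))
    print("combined check, CHAP caller:", authenticate_chappap(CHAP_REQ, PASSWORD, SECRET))
    print("combined check, PAP caller: ", authenticate_chappap(PAP_REQ, PASSWORD, SECRET))
```

The CHAP branch needs the cleartext password on the server, because the response is an MD5 over it; a password that is only available as a one-way hash can be checked against a PAP request but not against a CHAP one.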
R: R: radius.conf
Ok i commented out some parts of the radius.conf ( no proxy )

Here is my user in /etc/passwd

demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet

until know the user config file, is the user.sample with no change

...
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "demo"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: [demo]: invalid password
modcall[authenticate]: module "unix" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 217 to 127.0.0.1:3315
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 217 with timestamp 3d872403
Nothing to do. Sleeping until we see a request

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Artur Hecker
Sent: Tuesday, 17 September 2002 11.58
To: [EMAIL PROTECTED]
Subject: Re: R: radius.conf

hi

> I must apologize for this, I didn't realize immediately that would be a
> problem, sorry.
>
> I read the radius.conf, but I don't understand it, I mean
> I don't understand if I need only unix/etc/passwd i must configure all
> other stuff
> as:
> acct_users
> huntgroups
> clients.conf
> users
> dictionary
> hints
> realms

so, just comment out everything you don't need in the radiusd.conf, it's organized in modules.

> and the following error ??
> rlm_realm: Looking up realm NULL for User-Name = "demo"
> what does it mean ??

it means that the proxying module takes the user "demo", looks up the preconfigured suffix in it, doesn't find any, thus sets the realm part of the user name to NULL (empty, nothing) and do not proxy the request since such a realm is not configured. it's not really an error. e.g. demo@foo would have produced the same but with realm "foo" since @ is a configured suffix. just deactivate proxying if you don't need all that.

> I need real configurations whether I use unix passwd ?
>
> log ---> doing the test:radtest demo demo localhost 0 testing123
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:2915, id=255, length=53
> User-Name = "demo"
> User-Password = "Nq\365\213\316\t\374U\3122n~dc2\323"
> NAS-IP-Address = 255.255.255.255
> NAS-Port-Id = "0"
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Looking up realm NULL for User-Name = "demo"
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [demo]: invalid password
> modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.

sure that the password of your user "demo" IS "demo"? does the user exist? please post the user configuration.

ciao
artur

--
Artur Hecker
artur[at]hecker.info
Re: rlm_sqlcounter.c in CVS
On Tue, 17 Sep 2002, Alan DeKok wrote:

> Andrea Gabellini <[EMAIL PROTECTED]> wrote:
> > If I use a query string greater than 256 I got a Segmentation fault, but if
> > I use a query minor than 256 it works well.
>
> That should be a simple bug to fix.
>
> > Debugging the code I notice that the problem is in the sqlcounter_authorize
> > when it call the radius_xlat funcion on line 512.
>
> Hmm.. it uses MAX_QUERY_LEN, which is 4096. Can you email a
> backtrace from gdb to the list (or the -devel list, probably). See
> 'doc/bugs' for more information.
>
> It sounds like *something* isn't checking buffer sizes, and there's
> no way of telling without a back trace.
>
> Alan DeKok.

See http://lists.cistron.nl/archives/freeradius-devel/2002/09/msg00091.html
and http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg09243.html

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
Re: MacOS X & FreeRADIUS (yet again)
Scott Silzer <[EMAIL PROTECTED]> wrote:
> I don't think that system based auth will work in OSX as it uses
> netinfo for most of its internal AAA, however LDAP, xSQL and flat/db
> files should work.

The use of 'netinfo' shouldn't be a problem. Many systems use yp to store passwords, and there's no yp code in the server.

All that matters is that the system's "getpwent" function ends up calling the Right Thing. Then, any application can just use getpwent(), and it will Just Work, on all the platforms.

Alan DeKok,
Re: rlm_sqlcounter.c in CVS
Andrea Gabellini <[EMAIL PROTECTED]> wrote:
> If I use a query string greater than 256 I got a Segmentation fault, but if
> I use a query minor than 256 it works well.

That should be a simple bug to fix.

> Debugging the code I notice that the problem is in the sqlcounter_authorize
> when it call the radius_xlat funcion on line 512.

Hmm.. it uses MAX_QUERY_LEN, which is 4096. Can you email a backtrace from gdb to the list (or the -devel list, probably). See 'doc/bugs' for more information.

It sounds like *something* isn't checking buffer sizes, and there's no way of telling without a back trace.

Alan DeKok.
Radius Server Can't Authnticate Login
Hi!!!

I am using freeradius-7.0 in a redhat 7.2 kernel of linux. I have successfully installed freeradius and bound it to ldap. My problem is when I tried testing the radius server as a dial in server for remote pc, the portslave recognizes incoming call but somehow can't authenticate the login process. But when testing radius server it gives an "Access-Accept" to the bound ldap server.

I have checked log for radius and it seems it doesn't give any information at all. It's just that the connection died somehow. I would appreciate any help you can give me from anyone of you out there..

ahmadz
Re: MacOS X & FreeRADIUS (yet again)
Philip Kearney <[EMAIL PROTECTED]> wrote:
> I set cache = no in radiusd.conf and then did radiusd -X

No, that won't help. You should also comment out the 'passwd', 'shadow', and 'group' configurations, too.

If it still doesn't work, then from a shell, do 'man getpwent', and mail the results to the list.

Or, if you're feeling adventurous, install ssh, and give me a user account. I should be able to find 15 minutes to poke around the system.

Alan DeKok.
Re: AAA???
At 11:48 AM 9/17/2002 +0300, Peter Nixon wrote:
>On Wed, 7 Aug 2002 10:42:35 +0400
>"Alexander M. Pravking" <[EMAIL PROTECTED]> wrote:
>
> > On Wed, Aug 07, 2002 at 12:18:20PM +0700, Yury Bokhoncovich wrote:
> > > Hi!
> > >
> > > On Wed, 7 Aug 2002, Динар wrote:
> > >
> > > > Is it possible to make AAA(Authorization, Authentication, Accounting)
> > >
> > > Sure. I've got that beast on with our Pg (7.2.1 at the moment).
> > > I don't recommended to use versions lesser than 7.0.1.
> > > IIRC there is problem with timestamp format in sql.conf or so.
> >
> > You should probably use raddb/postgresql.conf,
> > but timestamp processing there seems incorrect for me too,
> > along with some other things.
> >
> > BTW, who does maintain raddb/*sql.conf?
> > I see no $Id$ there.
>
>Good question! Where do we send patches/fixes?

The freeradius-devel list is probably the best place.

http://www.freeradius.org/development.html

-Chris
--
Chris Parker
Director, Engineering
StarNet Inc.
(847) 963-0116
WX *is* Wireless! http://www.starnetwx.net
Wholesale Internet Services - http://www.megapop.net
Re: Fail to Start
On Tue, 17 Sep 2002 18:38:24 +0800 (CST) ho k wrote:

> Hi
> I cannot run freeradius in background. Everything seems
> alright after enter "radiusd"
>
> # ./radiusd

radiusd & ?

--
Balkin Ruslan
Fail to Start
Hi

I cannot run freeradius in background. Everything seems alright after enter "radiusd"

# ./radiusd
Tue Sep 17 18:34:01 2002 : Info: Starting - reading configuration files ...

I have already commented out

user = root
group = nobody

in radiusd.conf

Regards
K
CHAP/PAP Authentication
Hi

How can the user profile be set such that the PAP or CHAP call may be verified. If I used:

DEFAULT Auth-Type := PAP
Fall-Through = 1

the debug output is:

modcall: group authorize returns ok
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group authtype
rlm_pap: Attribute "Password" is required for authentication. Cannot use "CHAP-Password".
modcall[authenticate]: module "pap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.

for CHAP user.

Regards
K
Re: rlm_sqlcounter.c in CVS
On Tue, 17 Sep 2002, Andrea Gabellini wrote:

> Hi,
>
> I'm using the sqlcounter version of the latest CVS because I need more than
> 256 characters in the query string.
>
> If I use a query string greater than 256 I got a Segmentation fault, but if
> I use a query minor than 256 it works well.
>
> Debugging the code I notice that the problem is in the sqlcounter_authorize
> when it call the radius_xlat funcion on line 512.
>
> I'm searching a workaround without luck. Can you help me?
>
> Andrea

This is a bug in the xlat function. Unfortunately, there's no fix yet.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
Re: Windows XP/Cisco Catalyst/freeradius-snapshot-20020916
Lim Sei Wei wrote:
>
> I have commented all the DEFAULT authtype examples in the file and this is
> the only entry in there
> myuser Auth-Type = Local, User-Password == "mypassword"
>

yes, and that's the problem, too :-) change it to:

myuser Auth-Type := Local, User-Password == "mypassword"

and try again please.

regards,
artur

--
Artur Hecker
artur[at]hecker.info
Re: R: radius.conf
hi

> I must apologize for this, I didn't realize immediately that would be a
> problem, sorry.
>
> I read the radius.conf, but I don't understand it, I mean
> I don't understand if I need only unix/etc/passwd i must configure all
> other stuff
> as:
> acct_users
> huntgroups
> clients.conf
> users
> dictionary
> hints
> realms

so, just comment out everything you don't need in the radiusd.conf, it's organized in modules.

> and the following error ??
> rlm_realm: Looking up realm NULL for User-Name = "demo"
> what does it mean ??

it means that the proxying module takes the user "demo", looks up the preconfigured suffix in it, doesn't find any, thus sets the realm part of the user name to NULL (empty, nothing) and do not proxy the request since such a realm is not configured. it's not really an error. e.g. demo@foo would have produced the same but with realm "foo" since @ is a configured suffix. just deactivate proxying if you don't need all that.

> I need real configurations whether I use unix passwd ?
>
> log ---> doing the test:radtest demo demo localhost 0 testing123
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:2915, id=255, length=53
> User-Name = "demo"
> User-Password = "Nq\365\213\316\t\374U\3122n~dc2\323"
> NAS-IP-Address = 255.255.255.255
> NAS-Port-Id = "0"
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Looking up realm NULL for User-Name = "demo"
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [demo]: invalid password
> modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.

sure that the password of your user "demo" IS "demo"? does the user exist? please post the user configuration.

ciao
artur

--
Artur Hecker
artur[at]hecker.info
Re: MacOS X & FreeRADIUS (yet again)
I don't think that system based auth will work in OSX as it uses netinfo for most of its internal AAA, however LDAP, xSQL and flat/db files should work. Sorry I can't provide more but I'm still correcting a number of problems caused by the move to 10.2.

Snip from /etc/passwd ( OS 10.2 )

##
# User Database
#
# Note that this file is consulted when the system is running in single-user
# mode. At other times this information is handled by lookupd. By default,
# lookupd gets information from NetInfo, so this file will not be consulted
# unless you have changed lookupd's configuration.
##

At 01:57 -0700 09/17/2002, Philip Kearney wrote:
>On 9/16/02 1:38 PM, "Alan DeKok" <[EMAIL PROTECTED]> wrote:
>
>> Philip Kearney <[EMAIL PROTECTED]> wrote:
>>> Okay...I managed to get FreeRADIUS 0.7.1 to compile under MacOS X.
>>
>> That's just made my day.
>>
>>> With these changes, the make succeeded so I ran make install and everything
>>> installed into /usr/local/.
>>
>> We'll try to get these changes in before the release of 0.8.
>>
>>> I now have radiusd made and installed at /usr/local/radiusd, but it seems to
>>> have real problems with some of the MacOS X configuration files like
>>> /etc/passwd, /etc/groups, etc.
>>
>> Then don't cache them. Just comment out the lines, like it says to
>> do for FreeBSD. It should then work.
>
>Alan,
>
>I set cache = no in radiusd.conf and then did radiusd -X
>
>And I see at the end of all the output...
>
>Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
>1814/udp.
>Ready to process requests.
>
>"Looks promising", I think to myself. So I do "radtest test test localhost 0
>testing123"
>
>And then I see...
>
>rad_recv: Access-Request packet from host 127.0.0.1:49805, id=77, length=53
> User-Name = "test"
> User-Password = "%\334\277\033r3\321.\3658w|\276\307\221\210"
> NAS-IP-Address = 255.255.255.255
> NAS-Port-Id = "0"
>modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Looking up realm NULL for User-Name = "test"
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
>modcall: group authorize returns ok
> rad_check_password: Found Auth-Type System
>auth: type "System"
>modcall: entering group authenticate
> modcall[authenticate]: module "unix" returns notfound
>modcall: group authenticate returns notfound
>auth: Failed to validate the user.
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>Segmentation fault
>[pktibook:/usr/local/sbin] root%
>
>So radiusd receives the request, fails to validate the user, finishes the
>request and then eventually seg faults. Don't know why that is yet,
>probably because I haven't really configured radiusd yet other than turning
>caching off like you suggested. But it compiles and runs (once) right now
>under MacOS X with those tweaks I mentioned in my last message to the list.
>
>It's progress! :-)
>
>PK

--
Scott Silzer
[EMAIL PROTECTED]
Re: rlm_sql crashing the rest of FreeRadius
On Tue, 17 Sep 2002, Peter Nixon wrote:

> Hi Guys
>
> I have a question regarding the rlm_sql module crashing the rest of
> FreeRadius. Below I have a selection from my logs. You can see that in the
> space of 12 seconds my server shot itself in the head simply because it
> didn't have enough DB handles. This has happened repeatedly over the last
> few nights (since I switched this server from mysql to postgres). The
> answer is obviously simple (increase the number of DB handles..) which I
> have been doing each day, but our traffic has been increasing at a rapid
> rate. My question is why is the rlm_sql module allowed to kill the server?
> shouldn't the server still keep logging to the detail files even if the DB
> is too busy? not just die messily? Luckily I have 2 more failover servers
> still running mysql to take the accounting traffic when this one dies.
>
> I would appreciate some comments from coders on why this happens, and if
> there are any plans on fixing this? I am not a c programmer although I am
> passable at perl so this is a bit beyond my skills to fix, but as I stated
> in several previous posts I am intending on releasing my complete
> FreeRadius based accounting system when it is complete, so please don't
> think I am just whinging here without any effort on my part.

This bug has been fixed in latest CVS snapshots.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
Re: Linux RedHat Shell Scripting
hi

i don't know much about these issues but thinking about what you could want to do, i guess that it would be a better solution to use some back-end database with freeradius (sql, ldap), to log all accounting etc. in this database and to comfortably use database operations to extract whatever you want then.

you want to analyze user information, the log file of the server is rather meant for analyzing server operations...

ciao
artur

Nicholas Sim wrote:
> Recently, we were running some tests on the freeradius server. We managed to
> obtain a log file. The log file contains the user log in information. But
> now, we are still finding a way to obtain a separate log file between the
> successful logins and the unsuccessful logins. Anyone out there know how to
> do it?
> One reply was to use shell scripting...but I have no knowledge of such
> programming. Please help

--
Artur Hecker artur[at]hecker.info
Re: Windows XP/Cisco Catalyst/freeradius-snapshot-20020916
I have commented all the DEFAULT authtype examples in the file and this is the only entry in there

myuser Auth-Type = Local, User-Password == "mypassword"

9/17/02 5:32 PM, "Artur Hecker" <[EMAIL PROTECTED]> wrote:

> hi
>
> if i understood correctly, you use local authentication with eap, i.e.
> by some file. can you please post the configuration of the concerned
> user in the radius "users" file?
>
>
>> When I try to authenticate through windows XP Local area connection popup
>> dialog, it refuses authentication straight away.
>>
>> modcall: entering group authorize
>> modcall[authorize]: module "preprocess" returns ok
>> modcall[authorize]: module "eap" returns updated
>> modcall[authorize]: module "files" returns notfound
>> modcall: group authorize returns updated
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - md5
>> rlm_eap: processing type md5
>>
>> rlm_eap_md5: No password configured for this user
>>
>> modcall[authenticate]: module "eap" returns invalid
>> modcall: group authenticate returns invalid
>> auth: Failed to validate the user.
>> Sending Access-Reject of id 56 to 10.0.0.212:1812
>> EAP-Message = "\0048\000\004"
>> Message-Authenticator = 0x
>> Finished request 2
>
> if we don't get this with the config, we'll have to sniff traffic. a
> firmware update is always a good idea especially if it is older than
> 12-16 months.
>
>
> ciao
> artur
rlm_sql crashing the rest of FreeRadius
Hi Guys

I have a question regarding the rlm_sql module crashing the rest of FreeRadius. Below I have a selection from my logs. You can see that in the space of 12 seconds my server shot itself in the head simply because it didn't have enough DB handles. This has happened repeatedly over the last few nights (since I switched this server from mysql to postgres). The answer is obviously simple (increase the number of DB handles..) which I have been doing each day, but our traffic has been increasing at a rapid rate. My question is why is the rlm_sql module allowed to kill the server? shouldn't the server still keep logging to the detail files even if the DB is too busy? not just die messily? Luckily I have 2 more failover servers still running mysql to take the accounting traffic when this one dies.

I would appreciate some comments from coders on why this happens, and if there are any plans on fixing this? I am not a c programmer although I am passable at perl so this is a bit beyond my skills to fix, but as I stated in several previous posts I am intending on releasing my complete FreeRadius based accounting system when it is complete, so please don't think I am just whinging here without any effort on my part.

Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:18 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:19 2002 : Error: rlm_sql: All sockets are being used! Please increase the maximum number of sockets!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: WARNING: Unresponsive child (id 163842) for request 25043
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:20 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:21 2002 : Error: rlm_sql: Stop packet with zero session length. (user '240', nas '212.50.53.201')
Mon Sep 16 19:22:22 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:22 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:22 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:23 2002 : Error: rlm_sql: All sockets are being used! Please increase the maximum number of sockets!
Mon Sep 16 19:22:24 2002 : Error: rlm_sql: All sockets are being used! Please increase the maximum number of sockets!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: Stop packet with zero session length. (user '240', nas '212.50.53.201')
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:25 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:26 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:26 2002 : Error: rlm_sql: There are no DB handles to use!
Mon Sep 16 19:22:26 2002 : Error: rlm_sql:
rlm_sqlcounter.c in CVS
Hi,

I'm using the sqlcounter version of the latest CVS because I need more than 256 characters in the query string. If I use a query string greater than 256 I got a Segmentation fault, but if I use a query smaller than 256 it works well.

Debugging the code I notice that the problem is in the sqlcounter_authorize when it calls the radius_xlat function on line 512.

I'm searching for a workaround without luck. Can you help me?

Andrea

---
COFFEE.EXE Missing---Insert Cup and Press Any Key.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)
Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino
http://www.omniway.sm
http://www.intelcom.sm
Re: logging passwords
Frank Cusack wrote:
>
> On Tue, Sep 17, 2002 at 09:39:14AM +0800, Nicholas Sim wrote:
> > We manage to log the user but not the password of the user, even though
> > we put 'yes' to all of the attributes in the radius.conf.
> >
> > Wed Aug 14 21:57:16 2002 : Auth: Login incorrect: [william/
> attribute>] (from client private-network-1 port 37 cli 00082131a705)
> >
> > Why?
>
> If the user is authenticating via CHAP the password is not available. The
> log message seems to indicate that this is the case, but you can be sure
> by doing radiusd -X to see how the user authenticated.

Frank, you are of course right talking about the problem itself however it's not actually CHAP in that case, it's EAP/MD5 according to the question. EAP/MD5 is pretty much the same though there are major differences in the real produced network packets. anyway, the idea _IS_ the same: the password is not available in clear on the wire or on the mid-way, i.e. proxy etc.

One of the differences between CHAP and EAP/MD5 is the production of the challenge: as far as i know, in the CHAP case it's NAS which generates challenges. with EAP/MD5 it's freeradius.

Nicholas: on the mid-way they only see MD5 hashes of challenges+passwords. only the authentication ends know the passwords and could log them, but this is kind of completely useless, just look it up in the config file.

ciao
artur

--
Artur Hecker artur[at]hecker.info
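The point made in the reply above, as an added Python example that is not part of the thread or of FreeRADIUS: an EAP-MD5 (or CHAP) response is MD5(identifier || password || challenge), so the exchange never carries the password, and only an end that holds the cleartext can check it. The user name, password, challenge and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # EAP MD5-Challenge (RFC 3748)


def md5_response(identifier, password, challenge):
    """RFC 1994 CHAP value, reused by EAP-MD5: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def build_eap_md5(code, identifier, value, name=b""):
    """EAP packet: Code, Identifier, Length, Type=4, Value-Size, Value, Name."""
    data = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def parse_eap_md5(packet):
    """Return (code, identifier, value, name); reject malformed lengths."""
    if len(packet) < 6:
        raise ValueError("short EAP-MD5 packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 6 or length > len(packet) or packet[4] != EAP_TYPE_MD5:
        raise ValueError("not a well-formed EAP-MD5 packet")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("Value-Size exceeds packet length")
    return code, identifier, packet[6:6 + size], packet[6 + size:length]


def server_verify(request, response, cleartext_password):
    """The check at the authenticating end; it needs the cleartext password."""
    _, req_id, challenge, _ = parse_eap_md5(request)
    code, resp_id, value, _ = parse_eap_md5(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False
    if cleartext_password is None:
        # No cleartext configured for the user: nothing to hash against,
        # so the response cannot be checked and the request is refused.
        return False
    expected = md5_response(req_id, cleartext_password, challenge)
    return hmac.compare_digest(expected, value)


def exchange(password, challenge, identifier=1, user=b"myuser"):
    """Build both messages of one exchange from constructed values."""
    request = build_eap_md5(EAP_REQUEST, identifier, challenge)
    value = md5_response(identifier, password, challenge)
    response = build_eap_md5(EAP_RESPONSE, identifier, value, user)
    return request, response


if __name__ == "__main__":
    chal = bytes(range(16))  # constructed; a real server uses random bytes
    req, resp = exchange(b"mypassword", chal)
    print("request :", req.hex())
    print("response:", resp.hex())
    print("password on the wire :", b"mypassword" in req + resp)
    print("verify with cleartext:", server_verify(req, resp, b"mypassword"))
    print("verify without it    :", server_verify(req, resp, None))
```

A proxy or log in the middle sees only the two packets built by `exchange`, which is why the failed-login line has no password to print.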
Re: Windows XP/Cisco Catalyst/freeradius-snapshot-20020916
hi

if i understood correctly, you use local authentication with eap, i.e. by some file. can you please post the configuration of the concerned user in the radius "users" file?

> When I try to authenticate through windows XP Local area connection popup
> dialog, it refuses authentication straight away.
>
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> modcall[authorize]: module "files" returns notfound
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - md5
> rlm_eap: processing type md5
>
> rlm_eap_md5: No password configured for this user
>
> modcall[authenticate]: module "eap" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Sending Access-Reject of id 56 to 10.0.0.212:1812
> EAP-Message = "\0048\000\004"
> Message-Authenticator = 0x
> Finished request 2

if we don't get this with the config, we'll have to sniff traffic. a firmware update is always a good idea especially if it is older than 12-16 months.

ciao
artur

--
Artur Hecker artur[at]hecker.info
Re: MacOS X & FreeRADIUS (yet again)
On 9/16/02 1:38 PM, "Alan DeKok" <[EMAIL PROTECTED]> wrote:

> Philip Kearney <[EMAIL PROTECTED]> wrote:
>> Okay...I managed to get FreeRADIUS 0.7.1 to compile under MacOS X.
>
> That's just made my day.
>
>> With these changes, the make succeeded so I ran make install and everything
>> installed into /usr/local/.
>
> We'll try to get these changes in before the release of 0.8.
>
>> I now have radiusd made and installed at /usr/local/radiusd, but it seems to
>> have real problems with some of the MacOS X configuration files like
>> /etc/passwd, /etc/groups, etc.
>
> Then don't cache them. Just comment out the lines, like it says to
> do for FreeBSD. It should then work.

Alan,

I set cache = no in radiusd.conf and then did radiusd -X

And I see at the end of all the output...

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.

"Looks promising", I think to myself. So I do "radtest test test localhost 0 testing123"

And then I see...

rad_recv: Access-Request packet from host 127.0.0.1:49805, id=77, length=53
User-Name = "test"
User-Password = "%\334\277\033r3\321.\3658w|\276\307\221\210"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "0"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "test"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
Segmentation fault
[pktibook:/usr/local/sbin] root%

So radiusd receives the request, fails to validate the user, finishes the request and then eventually seg faults. Don't know why that is yet, probably because I haven't really configured radiusd yet other than turning caching off like you suggested. But it compiles and runs (once) right now under MacOS X with those tweaks I mentioned in my last message to the list.

It's progress! :-)

PK
Re: AAA???
On Wed, 7 Aug 2002 10:42:35 +0400 "Alexander M. Pravking" <[EMAIL PROTECTED]> wrote:

> On Wed, Aug 07, 2002 at 12:18:20PM +0700, Yury Bokhoncovich wrote:
> > Hi!
> >
> > On Wed, 7 Aug 2002, Динар wrote:
> >
> > > Is it possible to make AAA(Authorization, Authentication, Accounting)
> >
> > Sure. I've got that beast on with our Pg (7.2.1 at the moment).
> > I don't recommend to use versions lesser than 7.0.1.
> > IIRC there is problem with timestamp format in sql.conf or so.
>
> You should probably use raddb/postgresql.conf,
> but timestamp processing there seems incorrect for me too,
> along with some other things.
>
> BTW, who does maintain raddb/*sql.conf?
> I see no $Id$ there.

Good question! Where do we send patches/fixes?

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
Re: mysql scheme
On Thu, 29 Aug 2002 14:21:35 -0400 Hernan <[EMAIL PROTECTED]> wrote:

> Steve:
>
> I tried your syntax and it worked fine but when i do a
> describe radacct
> i only get | h323_remote_address | varchar(15) ,do you know
> if this
> is enough data to receive the h323_remote_address input
> from radiusd
> in the mysqld?
>
> The parameter in the detail file is h323remoteaddress and
> the field
> in the database is h323_remote_address ,do you know if this
> difference
> could bring any trouble?
>
> Thanks in advance
> Hernan

I have a comprehensive sql.conf and DB schema for accounting cisco VOIP traffic if you want it. I have now switched (in the last week) to Postgres however due to its better handling of date formats (allowing you to do sorts on h323setuptime etc.) It also handles views which makes writing frontends to the data much simpler.

Would the list be interested in my changes to both sql.conf and postgresql.conf and my new schemas? If not I may setup a SF project to handle it.

Cheers

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
Re: Linux RedHat Shell Scripting
On Tue, 17 Sep 2002, Nicholas Sim wrote:

> Dear all,
>
> Recently, we were running some tests on the freeradius server. We managed to
> obtain a log file. The log file contains the user log in information. But
> now, we are still finding a way to obtain a separate log file between the
> successful logins and the unsuccessful logins. Anyone out there know how to
> do it?
> One reply was to use shell scripting...but I have no knowledge of such
> programming. Please help
>
> Thank you

You can look in dialup_admin. In the bin directory there is log_badlogins (perl script) which will log failed logins in the radacct table in mysql. If you are using mysql for accounting then you can use it.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
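One way to do the split asked about in this thread, as an added Python example that is not from the list or from dialup_admin: it separates the `Auth:` lines of the server log into successful and failed logins, counts failures per user and calling station, and redacts any password the server was configured to log. The sample lines are constructed on the model of the line quoted in the "logging passwords" thread, and it assumes successes are logged as `Login OK`.

```python
import re
from collections import Counter

# <timestamp> : Auth: <result>[ (reason)]: [user[/password]]
#   (from client <name> port <n>[ cli <calling-station>])
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"(?P<result>Login OK|Login incorrect)(?: \([^)]*\))?: "
    r"\[(?P<user>[^\]/]*)(?:/[^\]]*)?\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^)]+))?\)"
)
PASSWORD_RE = re.compile(r"(: \[[^\]/]*)/[^\]]*\]")

# Constructed sample input, not taken from a real server.
SAMPLE_LOG = """\
Wed Aug 14 21:57:16 2002 : Auth: Login incorrect: [william/<no User-Password attribute>] (from client private-network-1 port 37 cli 00082131a705)
Wed Aug 14 21:57:40 2002 : Auth: Login OK: [alice] (from client private-network-1 port 12 cli 0008213100aa)
Wed Aug 14 21:58:02 2002 : Auth: Login incorrect: [william/letmein] (from client private-network-1 port 37 cli 00082131a705)
Wed Aug 14 21:58:05 2002 : Error: rlm_sql: There are no DB handles to use!
Wed Aug 14 21:59:11 2002 : Auth: Login incorrect: [demo/demo] (from client localhost port 0)
"""


def parse_auth_line(line):
    """Return the fields of one Auth: line, or None for any other line."""
    match = AUTH_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["ok"] = record["result"] == "Login OK"
    return record


def redact(line):
    """Blank out a logged password so the split files do not spread it."""
    return PASSWORD_RE.sub(r"\1/<redacted>]", line)


def split_auth_log(lines):
    """Return (ok_lines, failed_lines, failures_per_user_and_station)."""
    ok, failed, failures = [], [], Counter()
    for line in lines:
        record = parse_auth_line(line)
        if record is None:
            continue  # server diagnostics (Error:, Info:) are not logins
        clean = redact(line.rstrip("\n"))
        if record["ok"]:
            ok.append(clean)
        else:
            failed.append(clean)
            # Fall back to the client name when no calling station is logged
            source = record["cli"] or record["client"]
            failures[(record["user"], source)] += 1
    return ok, failed, failures


if __name__ == "__main__":
    ok, failed, failures = split_auth_log(SAMPLE_LOG.splitlines())
    print("successful logins:", *ok, sep="\n  ")
    print("failed logins:", *failed, sep="\n  ")
    for (user, source), count in failures.most_common():
        print(f"{count} failed attempt(s) for {user!r} from {source}")
```

Writing the two returned lists to separate files gives the two logs; the failure counter is the part worth watching for repeated attempts against one account.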
R: radius.conf
I must apologize for this, I didn't realize immediately that would be a problem, sorry.

I read the radius.conf, but I don't understand it, I mean I don't understand if I need only unix/etc/passwd i must configure all other stuff as:
acct_users
huntgroups
clients.conf
users
dictionary
hints
realms

and the following error ??
rlm_realm: Looking up realm NULL for User-Name = "demo"
what does it mean ??

I need real configurations whether I use unix passwd ?

log ---> doing the test:radtest demo demo localhost 0 testing123

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:2915, id=255, length=53
User-Name = "demo"
User-Password = "Nq\365\213\316\t\374U\3122n~dc2\323"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "0"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "demo"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: [demo]: invalid password
modcall[authenticate]: module "unix" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Alan DeKok
Sent: Monday, 16 September 2002 16:08
To: [EMAIL PROTECTED]
Subject: Re: radius.conf

"Gian-Carlo Baldarelli" <[EMAIL PROTECTED]> wrote:
> ## radiusd.conf -- FreeRADIUS server configuration file.

That's nice. You didn't read it, but you posted the entire thing to the list. And it's obvious you edited it.

So you're either running an older version of the server, in which case you should upgrade, OR, you've edited it to delete the comments which tell you how to solve your problem. I have no clue why you would do that.

Alan DeKok.